[H-GEN] weird web server logs

Jason Parker-Burlingham jasonp at uq.net.au
Sat Feb 22 22:20:52 EST 2003


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

Tony Nugent <tony at linuxworks.com.au> writes:

>     /var/www/html/scripts/..Á<9C>../winnt/system32/cmd.exe
>     /var/www/html/scripts/..%5c../winnt/system32/cmd.exe
>     /var/www/html/scripts/..%2f../winnt/system32/cmd.exe
> 
> I'd really like to have the web server outright refuse to respond to
> these sorts of queries... is it possible to get apache to automatically
> block (or ignore) IPs that do this - especially not to respond with
> any error message (ie, ignore the request)?

What's wrong with your webserver saying "No, I'm not vulnerable,
thanks!" to a scanner?  In the very best case scenario the worm or
whatever might even stop scanning you at that point.
-- 
``I may have agreed to something involving a goat.''  -- CJ

--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/
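
Added example, not part of the original thread: Python that reads Apache error_log lines like the ones quoted above and counts, per client, the requests that look like IIS directory-traversal probes. The sample log is constructed (timestamps and documentation-range addresses are made up, and the raw bytes are assumed to be logged as \xHH escapes); the function names are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import unquote_to_bytes

# Constructed sample in Apache error_log format. The paths are the ones quoted
# in the thread; timestamps and client addresses are made up for the example.
SAMPLE_LOG = r"""
[Sat Feb 22 21:10:01 2003] [error] [client 192.0.2.10] File does not exist: /var/www/html/scripts/..%5c../winnt/system32/cmd.exe
[Sat Feb 22 21:10:02 2003] [error] [client 192.0.2.10] File does not exist: /var/www/html/scripts/..%2f../winnt/system32/cmd.exe
[Sat Feb 22 21:10:03 2003] [error] [client 192.0.2.10] File does not exist: /var/www/html/scripts/..\xc1\x9c../winnt/system32/cmd.exe
[Sat Feb 22 21:12:40 2003] [error] [client 198.51.100.7] File does not exist: /var/www/html/favicon.ico
"""

LINE_RE = re.compile(r"\[client ([^\]]+)\] File does not exist: (\S+)")

def decode_path(path):
    """Turn %HH and \\xHH escapes into the raw bytes the client sent."""
    return unquote_to_bytes(re.sub(r"\\x([0-9A-Fa-f]{2})", r"%\1", path))

def probe_reasons(path):
    """Return the reasons a logged path looks like an IIS traversal probe."""
    raw = decode_path(path)
    reasons = []
    if re.search(r"%(5c|2f)", path, re.I):
        reasons.append("encoded-separator")   # escaped '\' or '/'
    if b"\xc0" in raw or b"\xc1" in raw:
        # 0xC0/0xC1 never appear in valid UTF-8; C1 9C is an overlong '\'
        reasons.append("overlong-utf8")
    if b".." in raw.replace(b"\\", b"/").split(b"/"):
        reasons.append("dot-dot-segment")     # '..' once separators are decoded
    if b"/winnt/" in raw.lower():
        reasons.append("windows-path")        # meaningless on a Unix host
    return reasons

def probing_clients(log_text, min_reasons=2):
    """Count probe-like requests per client IP."""
    hits = Counter()
    for ip, path in LINE_RE.findall(log_text):
        if len(probe_reasons(path)) >= min_reasons:
            hits[ip] += 1
    return hits

if __name__ == "__main__":
    for ip, count in probing_clients(SAMPLE_LOG).items():
        print(ip, count)
```

The per-client counts are the input either approach in the thread would need: a block list for the firewall, or simply a measure of how much scanner noise the 404s are absorbing.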